Privacy Policy — sonabit
At sonabit, your privacy is not an afterthought — it is a core part of how we build and operate our platform. This Privacy Policy explains precisely what personal data we collect, how we use it, who we share it with, how long we retain it, and what rights you hold over your own information. We encourage you to read it in full.
1Data We Collect
sonabit collects personal data from Users in several ways: directly when you register an account or interact with our services; automatically as you use our platform; and, in limited circumstances, from trusted third-party sources. We collect only the data that is necessary for the purposes described in this Privacy Policy. We do not sell your personal data to third parties.
1.1 Data You Provide Directly
When you register, verify your identity, make a deposit or withdrawal, contact support, or participate in a promotion, you may provide us with the following categories of personal data:
| Category | Examples | When Collected |
|---|---|---|
| Identity Data | Full legal name, date of birth, nationality, NID / passport number | Registration & KYC verification |
| Contact Data | Email address, phone number, city of residence | Registration |
| Financial Data | bKash / Nagad / Rocket wallet number, bank account details, transaction records | Deposit / withdrawal processing |
| Verification Documents | Copy of NID, passport, driving licence, proof of address, selfie photograph | KYC identity verification |
| Communications Data | Live chat logs, support email correspondence, feedback submissions | Customer support interactions |
| Responsible Gaming Data | Self-exclusion preferences, deposit limits, session time settings | Responsible gaming tool requests |
1.2 Data Collected Automatically
When you access sonabit, our systems automatically record certain technical data about your visit. This data helps us maintain platform security, diagnose technical issues, and improve the overall user experience. Automatically collected data includes:
- Device & Browser Data: IP address, device type, operating system, browser type and version, screen resolution, and language settings.
- Usage Data: Pages visited, time spent on each page, links clicked, game sessions initiated, bet history, and session timestamps.
- Log Data: Server access logs, error logs, and security event logs maintained for fraud prevention and system integrity purposes.
- Location Data: General geographic location derived from your IP address (country and city level). We do not collect precise GPS-level location data.
1.3 Data from Third Parties
In certain circumstances, sonabit may receive personal data about you from third-party sources, including:
- Payment processors (bKash, Nagad, Rocket, Upay, banks, Visa, Mastercard) who confirm transaction outcomes and, where required for fraud prevention, share relevant transaction metadata.
- Identity verification partners who assist with KYC checks by cross-referencing documents against official databases.
- Analytics providers who supply aggregated, anonymised data about platform performance and traffic patterns.
2How We Use Your Data
sonabit uses the personal data we hold about you for specific, legitimate purposes. We do not use your data for purposes incompatible with those listed below. Where a new purpose arises, we will update this Privacy Policy and, where required, seek your explicit consent before proceeding.
2.1 Core Service Delivery
The primary use of your personal data is to provide you with the sonabit service. This includes:
- Creating and managing your registered account.
- Processing deposits and withdrawals in Bangladeshi Taka via your chosen payment method.
- Verifying your identity to comply with our Know Your Customer (KYC) obligations.
- Enabling you to place bets, play casino games, and access live cricket and sports markets.
- Applying and tracking bonus credits, wagering requirements, and promotional rewards.
- Enforcing account-level responsible gaming tools such as deposit limits and self-exclusion periods.
2.2 Security & Fraud Prevention
We analyse usage patterns, device data, and transaction history to detect and prevent fraudulent activity, money laundering, multiple-account abuse, and unauthorised access. Where suspicious activity is identified, we may suspend an account pending investigation and, where legally required, report the activity to the relevant authorities.
2.3 Legal & Regulatory Compliance
sonabit is required to retain certain categories of data to comply with applicable laws and regulations, including anti-money laundering (AML) obligations, financial record-keeping requirements, and any lawful requests from courts or regulatory bodies. We do not use legally mandated data for commercial purposes.
2.4 Service Improvement & Analytics
Aggregated and anonymised usage data is used to analyse how players interact with sonabit, identify technical issues, and prioritise product improvements. This analysis does not identify you personally and is never shared with third parties in a form that could be linked back to you.
2.5 Marketing Communications
Where you have provided explicit consent, sonabit may send you promotional emails about new games, upcoming BPL and T20 cricket betting markets, seasonal bonuses tied to Eid or Pohela Boishakh, and platform updates. You may withdraw your marketing consent at any time by clicking the unsubscribe link in any marketing email or by contacting support@sonabit. Withdrawal of marketing consent does not affect the lawfulness of processing carried out before withdrawal.
3Legal Basis for Processing
Every instance of personal data processing carried out by sonabit rests on one of the following legal grounds. We identify the applicable legal basis for each processing activity to ensure full transparency:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and management | Performance of a contract |
| Processing deposits and withdrawals | Performance of a contract |
| KYC identity verification | Legal obligation & performance of a contract |
| Fraud detection and security monitoring | Legitimate interests (platform security) |
| AML record retention | Legal obligation |
| Responsible gaming tools enforcement | Legal obligation & legitimate interests |
| Marketing communications | Consent |
| Platform analytics (anonymised) | Legitimate interests (service improvement) |
Where we rely on legitimate interests as our legal basis, we carry out a balancing assessment to confirm that our interests do not override your fundamental rights and freedoms. You may request a copy of any such assessment by contacting us at the address provided in Section 8 of this Policy.
4Data Sharing & Disclosure
sonabit does not share your personal data with third parties except in the limited circumstances described below. All third-party recipients of your data are required to process it in accordance with applicable data protection standards and are prohibited from using it for their own independent commercial purposes.
4.1 Service Providers
We engage carefully vetted third-party service providers to support specific operational functions. These providers act as data processors on our behalf and are bound by strict contractual obligations:
- Payment processors: bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, City Bank, BRAC Bank, Islami Bank, Sonali Bank, Visa, and Mastercard — for processing financial transactions.
- KYC & identity verification partners: For cross-referencing identity documents during account verification.
- Game content providers: Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi — who receive only the minimum session data required to deliver their game content.
- Cloud hosting & infrastructure providers: Who store platform data in secure, access-controlled server environments.
- Customer support software providers: Who facilitate live chat and email support ticket management.
4.2 Legal & Regulatory Disclosure
sonabit may disclose your personal data to law enforcement agencies, courts, regulatory bodies, or government authorities when required to do so by applicable law, a valid court order, or a lawful regulatory directive. Where permissible, we will notify you of such a disclosure request before complying.
4.3 Business Transfers
In the event of a merger, acquisition, restructuring, or sale of all or part of sonabit's assets, your personal data may be transferred to the acquiring entity as part of that transaction. You will be notified of any such transfer and of any changes to this Privacy Policy that may result from it before the transfer takes effect.
5Cookies & Tracking Technologies
sonabit uses cookies and similar tracking technologies to operate the platform, remember your preferences, maintain session security, and gather anonymised analytics data. A cookie is a small text file placed on your device by our web server. Cookies cannot execute code or deliver viruses and cannot access files elsewhere on your device.
5.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Session authentication, security tokens, load balancing, fraud prevention signals | Session / up to 24 hours |
| Functional | Remembering language preference, game display settings, responsible gaming tool states | Up to 12 months |
| Analytics | Anonymised page-view counts, game engagement metrics, navigation flow analysis | Up to 24 months |
| Marketing | Tracking promotional campaign effectiveness (only with your consent) | Up to 12 months |
5.2 Managing Cookies
Strictly necessary cookies cannot be disabled as they are essential to the operation of the platform. You may disable functional, analytics, and marketing cookies through your browser settings or your device's privacy controls at any time. Please note that disabling certain cookies may affect the functionality and personalisation of your sonabit experience. Instructions for managing cookies in the most commonly used browsers are available through the browser's own help documentation.
6Data Retention
sonabit retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our standard retention periods are set out below:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | Legal obligation (AML) |
| KYC identity documents | Duration of account + 5 years after closure | Legal obligation |
| Transaction records | Duration of account + 5 years after closure | Legal obligation (financial records) |
| Support communications | 3 years from last interaction | Legitimate interests |
| Self-exclusion records | Minimum 7 years | Legal obligation & player protection |
| Marketing consent records | Until consent withdrawn + 3 years | Legal obligation (consent records) |
| Anonymised analytics data | Up to 36 months | Legitimate interests |
When the applicable retention period expires, sonabit securely deletes or anonymises your personal data using industry-standard data destruction methods. Anonymised data — which can no longer be linked to any identifiable individual — may be retained indefinitely for statistical and research purposes.
7Your Privacy Rights
As a User of sonabit, you hold the following rights with respect to your personal data. To exercise any of these rights, please contact our Data Protection team using the details in Section 8. We will respond to all valid requests within 30 days. We may ask you to verify your identity before processing any rights request to protect the security of your account data.
Right of Access
Request a copy of all personal data we hold about you, along with details of how it is used and shared.
Right of Rectification
Request correction of any inaccurate or incomplete personal data we hold about you without undue delay.
Right of Erasure
Request deletion of your personal data where we no longer have a lawful basis for retaining it.
Right to Restrict Processing
Ask us to suspend processing of your data while accuracy or lawfulness is under review.
Right to Data Portability
Receive a structured, machine-readable copy of data you provided to us, for transfer to another service.
Right to Object
Object to processing based on legitimate interests, including objecting to direct marketing at any time.
8Contact & Data Controller
sonabit is the data controller responsible for your personal data. If you have any questions, concerns, or requests relating to this Privacy Policy or how your personal data is handled, please contact our Data Protection team using the details below. All enquiries are handled in English.
Platform: sonabit
Email: support@sonabit (subject line: "Privacy Request")
Response time: Within 30 calendar days of receipt of your request.
Operating hours: Bangladesh Standard Time (BST, UTC+6), Monday to Sunday.
8.1 Changes to This Privacy Policy
sonabit reserves the right to update this Privacy Policy at any time. Where changes are material — for example, if we begin processing a new category of personal data or share data with a new category of third party — we will notify registered users via the email address held on their account before the change takes effect. The effective date at the top of this page will always reflect the date of the most recent revision. We encourage you to review this page periodically to stay informed about how sonabit protects your data.
8.2 Minors
sonabit does not knowingly collect personal data from individuals under 18 years of age. Our registration process includes an age declaration, and our KYC verification process is designed to identify and reject underage applicants. If you believe that a minor has registered on sonabit, please notify us immediately at support@sonabit. Any account confirmed as belonging to a minor will be closed immediately and all data deleted as far as legally permissible.
18+ | Play Responsibly | sonabit — Bangladesh's trusted online gaming platform.
How sonabit Safeguards Your Privacy
Our approach to data protection goes beyond legal compliance. Here are the practical commitments behind every word of this policy.
End-to-End Encryption
All data transmitted between your device and sonabit is protected by 256-bit SSL/TLS encryption. Your login credentials, financial details, and personal documents are never sent in plain text over any network.
Strict Internal Access Controls
Access to personal data within sonabit is granted on a strict need-to-know basis. Staff members can only access the specific data required to perform their job functions. All access events are logged and audited regularly.
Your Data Is Never Sold
sonabit does not sell, rent, or trade your personal data to any third-party marketer, data broker, or advertiser. Your information is used exclusively to power the platform services you signed up for.
Full Rights Over Your Data
You hold six clear privacy rights — access, rectification, erasure, restriction, portability, and objection. Submit any request to our Data Protection team and we will respond within 30 days, free of charge.
Responsible KYC Process
Our KYC verification confirms your identity and age before any withdrawal is processed. Documents are reviewed securely, stored with encryption, and retained only for the periods required by law.
Secure Local Payment Data
Payment data shared with bKash, Nagad, Rocket, and partner banks is transmitted under strict data processing agreements. sonabit never stores full card numbers or full mobile banking PINs on its own servers.
Questions About Your Privacy?
Our support team is here to help with any privacy-related query. You can also review our full Terms & Conditions, explore our Responsible Gaming tools, or head straight to the sonabit Casino.
Browse FAQ Terms & Conditions Responsible Gaming